# Incident Response

Security incident handling procedures for HealthTalk.

## Incident Categories

| Category | Description | Example |
|---|---|---|
| Security | Unauthorized access, malware | Brute force attack |
| Privacy | Data breach, unauthorized disclosure | PHI exposure |
| Availability | Service outage, degradation | System downtime |
| Integrity | Data corruption, unauthorized modification | Database tampering |

## Severity Levels

| Level | Description | Response Time |
|---|---|---|
| Critical | Active breach, data exposure | Immediate |
| High | Potential breach, significant risk | 1 hour |
| Medium | Contained incident, moderate risk | 4 hours |
| Low | Minor issue, minimal risk | 24 hours |

## Response Process

1. Detection & Reporting
   - Automated monitoring alerts
   - User reports via security@medrecord.nl
   - Partner notifications
2. Triage
   - Assess severity and scope
   - Assign incident manager
   - Notify relevant stakeholders
3. Containment
   - Isolate affected systems
   - Preserve evidence
   - Prevent further damage
4. Eradication
   - Remove threat
   - Patch vulnerabilities
   - Verify clean state
5. Recovery
   - Restore services
   - Monitor for recurrence
   - Verify functionality
6. Post-Incident
   - Root cause analysis
   - Lessons learned
   - Process improvements
   - Update risk register

## Notification Requirements

### Internal Notification

- Management: All High/Critical
- Security team: All incidents
- Affected teams: As relevant

### External Notification

- Data subjects: Within 72 hours (if required)
- Regulators: Per legal requirements
- Partners: Per contract terms

## Documentation

All incidents are documented with:

- Timeline of events
- Actions taken
- Evidence preserved
- Lessons learned